package com.its.us.web.config.authorization;

import com.its.us.web.service.sys.UserDetailsServiceImpl;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;

import javax.annotation.Resource;

/**
 * 认证授权服务器
 *
 * @Author: master
 * @Date: 2020/10/29 10:58
 * @Version: 1.0
 */
//@Configuration
//@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Resource
    private PasswordEncoder passwordEncoder;

    @Resource
    private AuthenticationManager authenticationManager;

    /**
     * 使用jwt存储
     */
    @Resource
    @Qualifier("jwtTokenStore")
    private TokenStore jwtTokenStore;
    @Resource
    private JwtAccessTokenConverter jwtAccessTokenConverter;


    @Resource
    private UserDetailsServiceImpl userDetailsServiceImpl;

    /**
     * 使用redis存储
     */
    /*@Resource
    @Qualifier("redisTokenStore")
    private TokenStore redisTokenStore;*/


    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory()
                // 客户端key
                .withClient("client")
                // 客户端密码加密
                .secret(passwordEncoder.encode("123"))
                // 重定向的地址
                //.redirectUris("http://www.baidu.com")
                // sso 重定向到客户端的登录页
                .redirectUris("http://127.0.0.1:8082/login")
                // 授权范围
                .scopes("all")
                // 单点登录自动授权
                .autoApprove(true)
                // 授权类型（四种）
                // authorization_code：授权码模式
                // password：密码模式
                .authorizedGrantTypes("authorization_code", "password");
//                .authorizedGrantTypes("password");
    }

    /**
     * 密码模式
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager)
                .userDetailsService(userDetailsServiceImpl)
                // 1 使用jwt-token存储，转成jwtToken
                .tokenStore(jwtTokenStore)
                .accessTokenConverter(jwtAccessTokenConverter);

        // 2 直接写入redis缓存中（也可以去掉）
        //.tokenStore(redisTokenStore);

    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        // 配置单点登录必须要配置
        security.tokenKeyAccess("isAuthenticated()");
    }
}
